Accelerate the Discovery and Qualification of Threats
Reduce Investigation Effort and Increase Threat Recognition
Problem: During an investigation, whether prompted by an alarm or by an ad hoc search, an analyst often runs a series of follow-up searches to understand the nature, intent and scope of suspicious activity and to determine whether the incident represents a true risk to the environment.
If it is not organized, the data accumulated across these follow-up searches can be difficult to interpret, lead to an incorrect conclusion, or allow an incident to slip through the cracks.
Solution: Cases are easily created within LogRhythm and act as a central repository of evidence tied to an ongoing investigation. A case can include any existing forensic data within LogRhythm, as well as external evidence such as screen captures and event data from third-party products. Case Management ensures that threats are proactively identified, prioritized according to organizational risk and rapidly investigated within the Security Intelligence Platform for streamlined incident response.
Additional LogRhythm Benefit: Any case can be shared with other collaborators, who can add their own forensic evidence and annotations to expedite threat detection and response. All activity is tracked as part of the case history, providing real-time status and a tamper-proof audit trail.
Access to a case can be restricted for any user to preserve confidentiality. Case Management enables organizations to substantially improve the maturity and efficiency of their security operations and incident response capabilities.
Problem: Beyond a centralized repository for relevant evidence, effective incident response management requires immediate insight into, and easy access to, every aspect of the process: case priority, working status, case contributors, case notes, forensic findings and so on.
Solution: LogRhythm’s Case Management allows users to assign a priority to each individual case, with a one-click process to flag any incident that requires escalation. An administrator can open the incident response management process and quickly escalate the case for immediate collaboration with designated analysts, who are given full access to all forensic data and working notes.
Additional LogRhythm Benefit: A Case Management widget delivers immediate access to all cases, including associated alarms, log evidence and notes, from any screen within the web console. Users can filter by specific incident, status, case owner and/or age for streamlined viewing, and can quickly add evidence from ongoing forensics to the appropriate case.